
coduck

Verified Safe

by t3ta

Overview

Orchestrates Codex jobs in isolated Git worktrees, integrated with Claude Code via the Model Context Protocol (MCP) server for automated code generation, review, and deployment.

Installation

Run Command
npm run mcp

Environment Variables

  • ORCHESTRATOR_PORT
  • ORCHESTRATOR_URL
  • WORKER_POLL_INTERVAL_MS
  • WORKTREE_BASE_DIR
  • CODEX_CLI_PATH
  • GIT_PATH
  • WORKER_CONCURRENCY
  • CODEX_MCP_TIMEOUT_MS
  • CODEX_REASONING_SUMMARY
  • CODEX_REASONING_FORMAT
  • ALLOWED_GIT_HOSTS
  • ORCHESTRATOR_DB_PATH
  • REPO_URL

Security Notes

The system uses `execFile`/`spawn` for Git and Codex CLI commands, which is inherently safer against shell injection than `exec`.

A critical security measure, `validateRepoUrl`, mitigates SSRF by restricting external Git repository URLs to a configurable whitelist (GitHub and GitLab by default) and by enforcing absolute local paths in 'no-worktree' mode. This protects the worker from fetching from malicious external URLs and from making unintended requests to internal network services. No obvious hardcoded secrets, `eval` calls, or code obfuscation were found.

The 'no-worktree' mode, while intentional, lets the worker operate directly on a specified absolute path (often `process.cwd()`), so a compromised orchestrator or an untrusted job creator could cause unintended file system modifications outside of the isolated worktrees. This is mitigated by validation of `repo_url` for 'no-worktree' jobs (it must be an absolute path) and by the design choice not to automatically clean up these directories.

Stats

  • Interest Score: 0
  • Security Score: 8
  • Cost Class: Medium
  • Avg Tokens: 3000
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-12-12

Tags

  • Codex
  • Orchestrator
  • Git Worktree
  • MCP
  • Claude Code
  • Job Management